Open dadenewyyt opened 7 years ago
As per my understanding, you also need to specifically pull out role data from acl. Assuming you already have a role created in acl with allowed resources and saved the user with it, something like:
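```javascript
acl.whatResources(req.user.role, function (err, resources) {
  // the callback receives (err, resources); pass lookup errors on
  if (err) return next(err);
  req.role_data = resources;
  // call next function
  next();
});
```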
Then in your API routes, you might have to specifically check if req.role_data contains access to that resource route.
Or, easier, use the middleware to check permissions before a route, as mentioned in the use cases of this library. But then your resource permissions need to be constructed in a fashion that the library understands.
For example, I use jsonwebtoken.
After checkingToken I set the req data for the userId.
req.user = "user";
But how does ACL get the user data from the request and apply rules and permissions? Please, I am confused.
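Added example, not part of the thread and not the library's own code: the manual check described above (load the role's resources onto the request, then test them per route), written to deny by default. The role table, `whatResources` stand-in, `loadRoleData`, `requirePermission` and `simulate` are hypothetical names, and `req.user` is assumed to be an object with a `role` field set by the token-verification step.

```javascript
// Constructed role table standing in for the ACL backend (sample data).
const ROLE_RESOURCES = new Map([
  ['admin', { '/api/users': ['get', 'post', 'delete'], '/api/reports': ['get'] }],
  ['user', { '/api/reports': ['get'] }],
]);

// Stand-in lookup using the (err, resources) callback shape; not the library's code.
function whatResources(role, cb) {
  const resources = ROLE_RESOURCES.get(role);
  if (!resources) return cb(new Error('unknown role: ' + role));
  cb(null, resources);
}

// Runs after token verification; attaches the role's resources to the request.
function loadRoleData(req, res, next) {
  if (!req.user || !req.user.role) return res.status(401).end(); // no identity
  whatResources(req.user.role, (err, resources) => {
    if (err) return res.status(403).end(); // unknown role: deny, never fall through
    req.role_data = resources;
    next();
  });
}

// Per-route check: allow only if the resource explicitly lists the HTTP method.
function requirePermission(resource) {
  return (req, res, next) => {
    const data = req.role_data || {};
    const allowed = Object.prototype.hasOwnProperty.call(data, resource)
      ? data[resource] : [];
    if (!allowed.includes(req.method.toLowerCase())) return res.status(403).end();
    next();
  };
}

// Minimal harness in place of Express: runs the chain, returns the status code.
function simulate(user, method, resource) {
  const req = { user, method };
  let status = null;
  const res = { status(code) { status = code; return this; }, end() {} };
  const chain = [loadRoleData, requirePermission(resource)];
  let i = 0;
  const next = () => {
    const mw = chain[i++];
    if (mw) mw(req, res, next); else status = 200; // reached the route handler
  };
  next();
  return status;
}
```

Note that a bare string such as `req.user = "user"` carries no `role` field, so this chain answers 401 for it rather than guessing a role.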